aboutsummaryrefslogtreecommitdiffstats
path: root/roles/space_server/files/radius/mods-available/eap
diff options
context:
space:
mode:
authorEmil Renner Berthing <esmil@labitat.dk>2021-01-19 21:58:10 +0100
committerEmil Renner Berthing <esmil@labitat.dk>2021-01-19 22:39:39 +0100
commitd43cdbc412d6548447d3d4c6238fc56c99e09d98 (patch)
tree8f5d9b7eabc3dfffaaa7be0088bae08777146aeb /roles/space_server/files/radius/mods-available/eap
parent3da205a190c0b6f36a726d90afa4dc303ee84ffe (diff)
downloadlabitat-ansible-d43cdbc412d6548447d3d4c6238fc56c99e09d98.tar.gz
labitat-ansible-d43cdbc412d6548447d3d4c6238fc56c99e09d98.tar.xz
labitat-ansible-d43cdbc412d6548447d3d4c6238fc56c99e09d98.zip
space_server: radius: use letsencrypt certificate
Diffstat (limited to 'roles/space_server/files/radius/mods-available/eap')
-rw-r--r--roles/space_server/files/radius/mods-available/eap12
1 files changed, 6 insertions, 6 deletions
diff --git a/roles/space_server/files/radius/mods-available/eap b/roles/space_server/files/radius/mods-available/eap
index 2136414..938370c 100644
--- a/roles/space_server/files/radius/mods-available/eap
+++ b/roles/space_server/files/radius/mods-available/eap
@@ -181,8 +181,8 @@ eap {
# authenticate via EAP-TLS! This is likely not what you want.
#
tls-config tls-common {
- private_key_password = whatever
- private_key_file = ${certdir}/server.pem
+ # private_key_password = whatever
+ private_key_file = ${certdir}/privkey.pem
# If Private key & Certificate are located in
# the same file, then private_key_file &
@@ -218,7 +218,7 @@ eap {
# give advice which will work everywhere. Instead,
# we give general guidelines.
#
- certificate_file = ${certdir}/server.pem
+ certificate_file = ${certdir}/fullchain.pem
# Trusted Root CA list
#
@@ -231,7 +231,7 @@ eap {
# In that case, this CA file should contain
# *one* CA certificate.
#
- ca_file = ${cadir}/ca.pem
+ # ca_file = ${cadir}/ca.pem
# OpenSSL will automatically create certificate chains,
# unless we tell it to not do that. The problem is that
@@ -392,8 +392,8 @@ eap {
# tls_max_version.
#
# disable_tlsv1_2 = no
- disable_tlsv1_1 = yes
- disable_tlsv1 = yes
+ # disable_tlsv1_1 = yes
+ # disable_tlsv1 = yes
# Set min / max TLS version. Mainly for Debian
# "trusty", which disables older versions of TLS, and